CSO Online

Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...
Decrypt

Anthropic Accidentally Leaked Claude Code's Source—The Internet Is Keeping It Forever

Anthropic is scrambling to contain the leak, but the AI coding agent is spreading far and wide and being picked apart.

Security experts discover critical flaw in OpenAI's Codex able to compromise entire organizations

Researchers managed to steal GitHub OAuth tokens by abusing a command injection vulnerability.
SecurityWeek

TeamPCP Moves From OSS to AWS Environments

The TeamPCP hacking group has been using credentials stolen in the recent OSS campaign to enumerate and compromise AWS ...